<?php

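/**
 * Admin controller (CodeIgniter 1.x style).
 *
 * Serves the admin dashboard behind a session-based login and handles the
 * login / logout form actions. All views are rendered through $this->load->view().
 */
class Admin extends Controller {

	/**
	 * PHP4-style constructor, kept because CodeIgniter 1.x expects it.
	 * Loads the session and database libraries once so every action below
	 * can rely on $this->session and $this->db being available.
	 */
	function Admin()
	{
		parent::Controller();
		$this->load->library('session');
		$this->load->database();
	}

	/**
	 * Admin landing page.
	 *
	 * Reads the site title from gcms_options (falling back to 'GCMS' when the
	 * option row is missing) and hands off to _login_check(), which shows
	 * either the dashboard or the login form depending on the session.
	 */
	function index()
	{
		$this->load->helper('form');

		$data = array();

		// Constant query string: no request data is involved here.
		$query = $this->db->query("SELECT * FROM gcms_options WHERE option_name='title'");
		if ($query->num_rows() > 0) {
			$row = $query->row();
			$data['title'] = $row->option_value;
		} else {
			$data['title'] = 'GCMS';
		}

		$data['style'] = base_url().'system/application/views/style.css';

		$this->_login_check($data, 'admin_view');
	}

	/**
	 * Renders $dest when the session carries a truthy 'logged_in' flag,
	 * otherwise renders the 'login' view. The leading underscore keeps the
	 * method unreachable from a URL (CodeIgniter routing convention).
	 *
	 * @param array  $data view variables passed through unchanged
	 * @param string $dest view to render for an authenticated session
	 */
	function _login_check($data, $dest)
	{
		$view = $this->session->userdata('logged_in') ? $dest : 'login';
		$this->load->view($view, $data);
	}

	/**
	 * Handles the login form POST.
	 *
	 * Validates presence, type, length (4..50) and alphanumeric content of
	 * user/pass, checks the CSRF-style form token against the session, then
	 * looks the user up. On success sets 'logged_in' and 'username' in the
	 * session and redirects to /admin; every failure renders 'login_fail'
	 * with a message.
	 */
	function loginquery()
	{
		$data = array();

		// Reject missing fields and non-scalar values: a PHP array submitted
		// as user[] would otherwise reach strlen()/ctype_alnum() below.
		if (!isset($_POST['user'], $_POST['pass'], $_POST['form_token'])
			|| !is_string($_POST['user'])
			|| !is_string($_POST['pass'])
			|| !is_string($_POST['form_token']))
		{
			$data['message'] = 'Please enter a valid username and password';
			$this->load->view('login_fail', $data);
			return;
		}

		$username = $_POST['user'];
		$password = $_POST['pass'];
		$token    = $_POST['form_token'];

		// Strict comparison on purpose: userdata() returns FALSE when no token
		// was issued, and a loose != would let a submitted '0' pass against it.
		if ($token !== $this->session->userdata('form_token')) {
			$data['message'] = 'Invalid form submission';
		} elseif (strlen($username) > 50 || strlen($username) < 4) {
			$data['message'] = 'Incorrect Length for Username';
		} elseif (strlen($password) > 50 || strlen($password) < 4) {
			$data['message'] = 'Incorrect Length for Password';
		} elseif (!ctype_alnum($username)) {
			$data['message'] = "Username must be alpha numeric";
		} elseif (!ctype_alnum($password)) {
			$data['message'] = "Password must be alpha numeric";
		}

		if (isset($data['message'])) {
			$this->load->view('login_fail', $data);
			return;
		}

		// Query bindings let the DB driver escape the values. The previous
		// mysql_real_escape_string() call needs a live ext/mysql link that
		// CodeIgniter's database layer does not expose here.
		// NOTE: gcms_users.user_pass holds unsalted MD5 digests; this is kept
		// only for schema compatibility. Migrate to password_hash() /
		// password_verify() when the column format can be changed.
		$sql   = "SELECT * FROM gcms_users WHERE user_login = ? AND user_pass = ?";
		$query = $this->db->query($sql, array($username, md5($password)));

		if ($query->num_rows() > 0) {
			// NOTE(review): the session id is not rotated after login here;
			// confirm the session library config covers fixation.
			$this->session->set_userdata('logged_in', true);
			$this->session->set_userdata('username', $username);
			redirect('/admin', 'refresh');
		} else {
			$data['message'] = "Unknown user";
			$this->load->view('login_fail', $data);
		}
	}

	/**
	 * Destroys the current session and redirects to the site root.
	 */
	function logout()
	{
		$this->session->sess_destroy();
		redirect('', 'refresh');
	}
}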
?>